Weird comments/emails

[-okapi-]

this is the text of the last weird mail.

Quote:

a new comment has been made on the following image:



http://www.a-visual-notebook.at/?sho...al-notebook.at Content-Type: multipart/mixed; boundary=\"===============2075257112==\" MIME-Version: 1.0 Subject: 5490578 To: ahgtqoy@a-visual-notebook.at bcc: jrubin3546@aol.com From: ahgtqoy@a-visual-notebook.at This is a multi-part message in MIME format. --===============2075257112== Content-Type: text/plain; charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit sdfgmqdx --===============2075257112==--

the comment is:
----------------------------------------------------------------------

ahgtqoy@a-visual-notebook.at

by ahgtqoy@a-visual-notebook.at

----------------------------------------------------------------------

(email sent by pixelpost)

the sender was:

ahgtqoy@a-visual-notebook.at <ahgtqoy@a-visual-notebook.at>

now i was test-commenting some images, and there was no email notification at all.

EDITED, because i added the snippet at the wrong lines.

[raminia+]

read my recent post that was about adding new codes. it was edited!

[-okapi-]

Quote:

Originally Posted by raminia

read my recent post that was about adding new codes. it was edited!

thank you ramin!

now it works. and thanks for your comment on the latest image, now the notification did work!
as soon as there is a number in the name of the commenter, there is no email notification. i assume that this is the purpose of your code snippet?
as i have tested it with names like "tester 2", there was no notification.

[n0d3]

Hi Raminia, I do not use popup comments either. This is what my spam looks like in my inbox: www.two-am.org/spam.jpg

Btw, do I remove the code from the first solution or do I leave it there as well?

[raminia+]

@n0d3 you can keep the lat mod. it was ok

@okapi
That's nice to hear it works. I looks at the ID of photo from the HTML page. if it is not a numeric value it will show a blank page and exits. the hacker tries to substitute the default hidden value in the form from image id to its email address. I think it is machine that do this. it's quite silly (or very clever that I don't understand). It does not do anything bug annoying. Now if it does that, PP will stop responsing to it.

about notification for somebody with number in his/her name, it shouldn't stop notofiying.... are you sure?

[raminia+]

btw, could you send me the raw content of the spam notification emails?

not the HTML view that you see on your email software but the message source.

[n0d3]

Ok, droppped you a PM. Thanks for the help!

[raminia+]

I've made a glance. no time for more investigation for now.
it seems it filles every form field blindly with its email address in hope to get something emailed to itself.


there is no such vulnerability in pp. just annoys.

[funktifeye]

Not sure if this is the same issue, but I've been getting a ton of notifications that simply say:

Quote:

Hello,
A new comment has been made on your photoblog.

http://www.funktifeye.com/plog/?showimage=


The Comment is:
----------------------------------------------------------------------

by -
----------------------------------------------------------------------
Powered by Pixelpost